CVEs affecting projects tracked on Release Alert, from NVD & OSV.
ClamAV before 0.97.7: dbg_printhex possible information leak